Page 61 of 358 results (0.012 seconds)

CVSS: 9.3EPSS: 24%CPEs: 3EXPL: 0

CVE-2009-0193 – acroread: multiple JBIG2-related security flaws

https://notcve.org/view.php?id=CVE-2009-0193

Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062. Hay una vulnerabilidad en el desbordamiento del búfer en la región heap de la memoria en el programa de Adobe Acrobat Reader versión 9 anterior a 9.1, versión 8 anterior a 8.1.4, y versión 7 anterior a 7.1.1, permite a los atacantes remotos ejecutar códigos arbitrarios por medio de un archivo PDF con un segmento de diccionario de símbolos JBIG2 malformados, una vulnerabilidad diferente de los CVE- 2009-1061 y CVE-2009-1062. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://secunia.com/secunia_research/2009-14 http://security.gentoo.org/glsa/glsa-200904-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.adobe.com/support • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 5

CVE-2009-0927 – Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2009-0927

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. Vulnerabilidad no especificada en Adobe Reader y Adobe Acrobat v9.1 y v7.1.1 permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos, en relación con un método JavaScript y validación de entrada, una vulnerabilidad diferente a CVE-2009-0658. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. • https://www.exploit-db.com/exploits/9579 https://www.exploit-db.com/exploits/16606 https://www.exploit-db.com/exploits/8595 https://www.exploit-db.com/exploits/16681 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34490 http://secunia.com/advisories/34706 http://secunia.com/advisories/34790 http://security.gentoo.org/glsa/glsa-200904-17.xml http • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 97%CPEs: 6EXPL: 4

CVE-2009-0658 – Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. Un desbordamiento del búfer en Adobe Reader versión 9.0 y anteriores, y Acrobat versión 9.0 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un documento PDF creado, relacionado con una llamada a una función que no sea JavaScript y posiblemente una secuencia de imágenes del componente JBIG2 incrustada, tal como se explotó “in the wild” en febrero de 2009 por Trojan.Pidief.E. • https://www.exploit-db.com/exploits/8099 https://www.exploit-db.com/exploits/16593 https://www.exploit-db.com/exploits/16672 http://isc.sans.org/diary.html?n&storyid=5902 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://osvdb.org/52073 http://secunia.com/advisories/33901 http://secunia.com/advisories/34392 http://secunia.com/advisories/34490 http://secunia.com/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0

CVE-2008-5364

https://notcve.org/view.php?id=CVE-2008-5364

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817. Desbordamiento de búfer basado en pila en el control ActiveX getPlus en gp.ocx v1.2.2.50 en NOS Microsystems getPlus Download Manager, como el usado por el proceso de instalación de Adobe Reader v8.1 y otras descargas, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, siendo una vulnerabilidad diferente a CVE-2008-4817. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.securityfocus.com/bid/32105 http://www.vupen.com/english/advisories/2008/3002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-4815 – Reader: insecure RPATH flaw

https://notcve.org/view.php?id=CVE-2008-4815

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/cas/techalerts/TA08-309A.html http://www.vupen.com/eng • CWE-264: Permissions, Privileges, and Access Controls •